EUVD-2026-11109
An authenticated SQL Injection vulnerability CWE-89 in the displayby parameter of /cgi-bin/koha/suggestion/suggestion.pl in Koha allows a low-privileged staff user to execute arbitrary SQL queries and retrieve sensitive database information...